General
Target: LOWE COPY.exe
Size: 952KB
Sample: 210115-dhe6y3b7ms
MD5: 22f9f9ee353bd2cb4fa8402de52626c2
SHA1: 8ce8dc75f001d54a622844034d4159268c4bf994
SHA256: 034a88044cda55e5e899dda57067450bb725109dcfc9147d6ae41d7b08584734
SHA512: 5b29c736ed127800283526cb0538059da973d930d174bd344b0cd5a80e68cbbc586252a88f3e52e115eb9ad757dc734b6c068734e68b024d1487541e60e1e27c
Static task: static1
Behavioral task: behavioral1
Sample: LOWE COPY.exe
Resource: win7v20201028
Malware Config
Extracted: formbook
Targets
Target: LOWE COPY.exe
- Xloader Payload
- Deletes itself
- Suspicious use of SetThreadContext